comic strip maker
on Rabu, 24 Juni 2009
/
Comments: (0)
suka bikin comic strip? punya banyak ide? pengen terkenal kayak chickenstrip? ada cara gampang bikinnya.. salah satunya adalah.. witty... simple kok... lo pasti bisa dan online.... cuman lo harus jadi memebr kalo mo ngesavenya...
Bad boys
belakangan ini gw lagi research tool untuk web testing, salah satu yang menarik adalah bad boy. selain berbasis GUI dan tambahan script2, serta variabel yang bisa di link ke database ato excel. simpel digunakan dan free untuk 5 user, masih ngulik-ngulik cara akses APInya melalui javascript...
selain itu ada juga watin untuk create testing di VS.NET... cuman ya harus develop dulu berikut contoh skenario testing untuk halaman login dengan mencoba2 inputan dari array, codingnya masih kasar nih... maklum namanya juga contoh.
Sub Main()
Dim browser As New IE("http://localhost/website/login.asp")
Dim User() As String = {"user", "admin", "test", "testingusers", "1", "2"}
Dim pwd() As String = {"password", "admins", "tester", "testingusers", "1", "2"}
Dim i As Integer
For i = 0 To User.Length - 1
If browser.TextField(Find.ByName("login")).Exists Then
browser.TextField(Find.ByName("user")).TypeText(User(i))
browser.TextField(Find.ByName("password")).TypeText(pwd(i))
browser.Button(Find.ByName("btnLogin")).Click()
Else
MsgBox("User = " & User(i - 1) & vbCrLf & "Password = " & pwd(i - 1))
Exit For
End If
Next
End Sub
wish me luck othree....
happy coding
ASP script untuk mencegah SQL injection
berikut adalah script buat mencegah SQL injection... gw lupa dapat darimana, intinya dia melacak karakter-karakter yang bisa dipakai buat SQL injection. sriptnya menscan input secara keseluruhan baik dari form, URL bahkan cookies. ditulis dalam ASP.
' Author: Nazim Lala ' ' This is the include file to use with your asp pages to ' validate input for SQL injection. Dim BlackList, ErrorPage, s ' ' Below is a black list that will block certain SQL commands and ' sequences used in SQL injection will help with input sanitization ' ' However this is may not suffice, because: ' 1) These might not cover all the cases (like encoded characters) ' 2) This may disallow legitimate input ' ' Creating a raw sql query strings by concatenating user input is ' unsafe programming practice. It is advised that you use parameterized ' SQL instead. Check http://support.microsoft.com/kb/q164485/ for information ' on how to do this using ADO from ASP. ' ' Moreover, you need to also implement a white list for your parameters. ' For example, if you are expecting input for a zipcode you should create ' a validation rule that will only allow 5 characters in [0-9]. ' BlackList = Array("--", ";", "/*", "*/", "@@", "@",_ "char", "nchar", "varchar", "nvarchar",_ "alter", "begin", "cast", "create", "cursor",_ "declare", "delete", "drop", "end", "exec",_ "execute", "fetch", "insert", "kill", "open",_ "select", "sys", "sysobjects", "syscolumns",_ "table", "update") ' Populate the error page you want to redirect to in case the ' check fails. ErrorPage = "ErrorPage.asp" ''''''''''''''''''''''''''''''''''''''''''''''''''' ' This function does not check for encoded characters ' since we do not know the form of encoding your application ' uses. Add the appropriate logic to deal with encoded characters ' in here ''''''''''''''''''''''''''''''''''''''''''''''''''' Function CheckStringForSQL(str) On Error Resume Next Dim lstr ' If the string is empty, return true If ( IsEmpty(str) ) Then CheckStringForSQL = false Exit Function ElseIf ( StrComp(str, "") = 0 ) Then CheckStringForSQL = false Exit Function End If lstr = LCase(str) ' Check if the string contains any patterns in our ' black list For Each s in BlackList If ( InStr (lstr, s) <> 0 ) Then CheckStringForSQL = true Exit Function End If Next CheckStringForSQL = false End Function ''''''''''''''''''''''''''''''''''''''''''''''''''' ' Check forms data ''''''''''''''''''''''''''''''''''''''''''''''''''' For Each s in Request.Form If ( CheckStringForSQL(Request.Form(s)) ) Then ' Redirect to an error page Response.Redirect(ErrorPage) End If Next ''''''''''''''''''''''''''''''''''''''''''''''''''' ' Check query string ''''''''''''''''''''''''''''''''''''''''''''''''''' For Each s in Request.QueryString If ( CheckStringForSQL(Request.QueryString(s)) ) Then ' Redirect to error page Response.Redirect(ErrorPage) End If Next ''''''''''''''''''''''''''''''''''''''''''''''''''' ' Check cookies ''''''''''''''''''''''''''''''''''''''''''''''''''' For Each s in Request.Cookies If ( CheckStringForSQL(Request.Cookies(s)) ) Then ' Redirect to error page Response.Redirect(ErrorPage) End If Next